What is a data leak?
A data leak is the unauthorized release of sensitive or confidential information. Once data is leaked, there is no guarantee that it is protected, and the likelihood of it being misused is high.
Data leaks can occur in different scenarios – sometimes intentionally and sometimes by accident. Data leaks are a very serious issue, and procedures should be in place to detect and remediate them quickly.
There are several types of data leaks, including:
- Email leaks
- Cyber attack data leaks
- Unsecure system leaks
- Insider threat leaks
Keep reading to find out why data leaks occur and how you can detect, respond to, or even prevent a data leak.
Data Leak vs. Data Loss
Data leaks and losses are both serious issues, as they will likely cause some level of financial consequences for the company that was tasked with safeguarding the data. While these topics may be similar, they differ in their impact and the way organizations should respond to them.
Data leaks are a severe issue, and companies must respond urgently to curtail the leak. Data leaks are bad because the data is no longer a part of the chain of custody – which means unauthorized entities can get access and use the data in illicit ways.
Data loss can be equally severe – but in a different way. Data retention policies are common, and they require companies to retain certain types of data for specific periods of time. Defying those retention policies (whether intentionally or accidentally) can result in fines and legal trouble. In addition, losing data can cause security investigations to go cold, which lengthens remediation and increases costs.
Data Leak vs. Data Exfiltration
Data leaks and data exfiltration are similar but distinctly different. Data leaks occur when sensitive or confidential information is released without authorization, which can be the result of human error, insecure systems, or cyber attacks.
Data exfiltration is the process of transferring data from its authorized location to an unauthorized destination. In other words, data exfiltration can be thought of as data theft. For example, an employee might email sensitive information to a personal Gmail account or back up sensitive company data to a personal Google Drive.
Causes of Data Leaks
There are many possible causes of data leaks, some of which may be intentional while others might not be. Let’s review some common attack methods:
Cyber attacks
Out of all the different attack methods, cyber attacks are the most common type that leads to data leaks. They include targeted attacks against “data-rich” companies and can be multifaceted over long periods of time. Cyber attacks can consist of a combination of probing for weak spots, identifying targets, phishing, social engineering, and planting malware.
Insider threats
Insider threats, which leverage users with authorized access to data, are the next most common attack method. They aren’t always a result of malicious intent; data loss due to insider threats can also be the result of negligence or a lack of training.
Unsecured systems
Unsecured systems and networks are a liability when it comes to safeguarding data. Luckily, this attack method is preventable. Keep up with your patching!
Third-party breaches
The SolarWinds cyber attack that occurred in late 2020 may be the best example of how the security problems of third-party vendors can lead to data loss within your organization.
Human errors
A great security posture involves limiting access. (Ideally, it would mean not allowing any access, but that’s not practical in the real world.) Even with top safeguards in place, humans are not perfect and are prone to making mistakes. Human errors often result from using insecure communication channels, not using approved software, falling victim to phishing attacks, or poor password management.
Impacts of Data Leaks
Financial losses
Companies can suffer financial losses from data leaks both directly and indirectly. Examples of direct financial losses include disruptions to business operations, steep fines, and lawsuits. Indirect financial losses include intangibles, such as damage to the company’s reputation and negative PR.
Business interruptions
Time is money, and highly technical engineers cost a lot of money – especially when planned work grinds to a halt and engineering time is dedicated to unplanned troubleshooting. In addition to tying up critical resources, this is likely to disrupt business operations, which leads to a loss of revenue.
Damaged reputations
Loss of customer trust due to data loss can be a massive problem since it has a direct impact on the bottom line. Negative publicity in the media can perpetuate negative sentiment, which may brand your company in a bad light. This can ultimately lead to decreased employee morale and loss of opportunities to grow the company.
Legal & Compliance issues
As custodians of data, companies must adhere to legal and compliance regulations that govern the handling and storage of sensitive data. The sensitivity can vary by data type, and there are steep penalties if guidelines are not followed (regardless of the cost involved or the complexity of following those guidelines).
Detecting and Responding to Data Leaks
Runtime Monitoring and Detection
Monitoring network and user activity combined with other layers of preventative measures gives your company a better chance of limiting the impact of data leaks. This can include investing in tools that enable security teams to identify leaks sooner and stop them before major damage can be done.
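As an added illustration of the monitoring described above (this is example code written for this page, not a tool from the original article), the following script scans constructed outbound email-gateway log lines for two data-leak signals: a confidentially labelled message sent to an address outside the corporate domain, and a single user sending an unusually large volume outside the organisation within a sliding one-hour window. The log format, the corporate domain `example-corp.com`, the classification labels and the volume threshold are all assumptions made for the example.

```python
"""Added example (not from the original article): a small runtime-monitoring
check over outbound email-gateway log lines. Two rules are applied:
  1. a message labelled 'confidential' leaving the corporate domain, and
  2. per-sender outbound volume to external recipients exceeding a threshold
     within a sliding window.
The log format, domain names and thresholds are assumptions for this example."""
from collections import defaultdict
from datetime import datetime, timedelta

CORP_DOMAIN = "example-corp.com"          # assumed corporate mail domain
MAX_OUTBOUND_BYTES_PER_HOUR = 50_000_000  # assumed per-user volume threshold

# Constructed sample log lines: "timestamp sender recipient bytes label"
SAMPLE_LOG = """\
2024-03-01T09:00:12Z alice@example-corp.com bob@example-corp.com 120000 internal
2024-03-01T09:05:40Z alice@example-corp.com alice.home@gmail.com 4500000 confidential
2024-03-01T09:07:03Z carol@example-corp.com vendor@partner.example 800000 public
2024-03-01T09:10:55Z dave@example-corp.com dave.backup@gmail.com 30000000 internal
2024-03-01T09:40:10Z dave@example-corp.com dave.backup@gmail.com 25000000 internal
2024-03-01T11:15:00Z erin@example-corp.com erin@example-corp.com 60000000 confidential
"""


def parse_line(line):
    """Split one gateway log line into a dict with typed fields."""
    ts, sender, recipient, size, label = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "sender": sender,
        "recipient": recipient,
        "bytes": int(size),
        "label": label,
    }


def is_external(address):
    """True when the mailbox domain is not the corporate domain."""
    return address.rsplit("@", 1)[-1].lower() != CORP_DOMAIN


def detect_leaks(log_text, window=timedelta(hours=1)):
    """Return a list of (rule, sender, detail) alerts in log order."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])
    alerts = []
    outbound = defaultdict(list)  # sender -> [(ts, bytes)] of external sends
    for e in events:
        if not is_external(e["recipient"]):
            continue  # internal mail is out of scope for these two rules
        # Rule 1: classified content leaving the organisation
        if e["label"] == "confidential":
            alerts.append(("confidential_external", e["sender"], e["recipient"]))
        # Rule 2: sliding-window outbound volume per sender
        hist = outbound[e["sender"]]
        hist.append((e["ts"], e["bytes"]))
        cutoff = e["ts"] - window
        hist[:] = [(t, b) for t, b in hist if t >= cutoff]
        total = sum(b for _, b in hist)
        if total > MAX_OUTBOUND_BYTES_PER_HOUR:
            alerts.append(("volume_threshold", e["sender"], total))
            hist.clear()  # reset so one burst raises a single alert
    return alerts


if __name__ == "__main__":
    for alert in detect_leaks(SAMPLE_LOG):
        print(alert)
```

On the constructed sample, the script raises one alert for the confidential message to a personal Gmail address and one for the 55 MB sent by a single user in under an hour; the large confidential message that stays inside the corporate domain is deliberately not flagged, since these two rules only look at traffic leaving the organisation. In a real deployment the thresholds would be tuned per role and the alerts fed into the incident response process rather than printed.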
Incident Response Plan
Detecting data leaks is only half the battle. It’s also important to have a plan in place that determines how to react during an active incident. This is where an incident response plan comes into play. This documents a plan to quickly respond to data leaks if they happen, and it should include steps to contain the breach, assess the impact, and take corrective action.
Remediation
There are several steps that need to be taken before the incident can be remediated. First and foremost, the breach should be contained to limit any further data loss. This could involve disconnecting users from systems or cutting network access. Once contained, you need to assess the severity of the breach to gain an understanding of the overall impact. When you understand the severity, you can determine the amount of resources to spend trying to find the root cause of the breach. Having a good incident response plan during this stage is critical in determining how much data will ultimately be leaked.
Once the root cause is identified, it can be fixed. Then the process moves to a post-incident review, which helps the company learn from its mistakes and ensures proper controls are in place to prevent the same problem from occurring again.
Can leaked data be unleaked?
Once data has been leaked, it loses its chain of custody and there are no longer any controls in place to limit access to this data. It’s possible that several entities have already collected, stored, and analyzed this data prior to the detection and remediation of the leak. Even if data leaks are quickly detected and resolved, you are still left with the burden of determining if that data has been accessed by unauthorized sources.
One way to limit damage once data has been leaked is to be transparent with those who are affected. This includes informing users about what type of data was leaked and when it happened. Working with outside security companies as well as making a heartfelt effort to identify who was responsible and ensure it doesn’t happen again are also effective ways to try and regain public trust after data has been leaked.
Data Leak prevention strategies
Security policies and procedures
Classifying data according to type as well as how it should be stored and handled is the first thing to consider when developing security policies and procedures. For example, different countries treat PII data differently, which dictates rules for how the data should be collected, used, stored, and disposed of.
Role-based access controls define who can access which types of data, and audit trails record who actually did. Together they enable analysts to quickly identify where a data breach occurred.
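To make the classification, role-based access and audit-trail ideas above concrete, here is an added example written for this page (it is not code from the original article). It assumes a four-level classification scheme, a small role-to-clearance map and a handful of constructed records; every read attempt, allowed or denied, is written to an append-only audit trail that can later answer the incident-response questions "who accessed this record?" and "what was this user refused?".

```python
"""Added example (not from the original article): a minimal data-classification
and role-based access check with an audit trail. The classification levels,
roles, clearances and sample records are assumptions constructed for this example."""
from datetime import datetime, timezone

# Classification levels in increasing sensitivity (assumed scheme)
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "pii": 3}

# Role -> highest classification the role may read (assumed role model)
ROLE_CLEARANCE = {
    "marketing": "public",
    "engineer": "internal",
    "finance": "confidential",
    "privacy_officer": "pii",
}

# Data store: record id -> (classification, payload). Constructed sample data.
RECORDS = {
    "press-release-7": ("public", "Q1 launch announcement"),
    "design-doc-12": ("internal", "service architecture notes"),
    "contract-3": ("confidential", "vendor pricing terms"),
    "customer-991": ("pii", "name, address, date of birth"),
}


class AuditTrail:
    """Append-only log of every access decision, allowed or denied."""

    def __init__(self):
        self.entries = []

    def record(self, user, role, record_id, level, allowed, now=None):
        self.entries.append({
            "ts": (now or datetime.now(timezone.utc)).isoformat(),
            "user": user, "role": role, "record": record_id,
            "classification": level, "allowed": allowed,
        })

    def who_touched(self, record_id):
        """Users who successfully read the record, in order of access."""
        return [e["user"] for e in self.entries
                if e["record"] == record_id and e["allowed"]]

    def denied_for(self, user):
        """Records a user tried to read and was refused."""
        return [e["record"] for e in self.entries
                if e["user"] == user and not e["allowed"]]


def can_read(role, level):
    """Role may read data at `level` only if its clearance is at least that high."""
    clearance = ROLE_CLEARANCE.get(role)
    if clearance is None:
        return False  # unknown role: deny by default
    return LEVELS[level] <= LEVELS[clearance]


def read_record(user, role, record_id, audit):
    """Return the payload if allowed, else None; always write to the audit trail."""
    if record_id not in RECORDS:
        audit.record(user, role, record_id, None, False)
        return None
    level, payload = RECORDS[record_id]
    allowed = can_read(role, level)
    audit.record(user, role, record_id, level, allowed)
    return payload if allowed else None


if __name__ == "__main__":
    trail = AuditTrail()
    read_record("alice", "engineer", "design-doc-12", trail)
    read_record("alice", "engineer", "customer-991", trail)   # denied: PII above clearance
    read_record("pat", "privacy_officer", "customer-991", trail)
    print(trail.who_touched("customer-991"))
    print(trail.denied_for("alice"))
```

The access check and the audit write live in the same function so that no read path can bypass the trail, and a denied request is logged just like an allowed one, since a cluster of denials for one user is often the earliest visible sign of an insider probing for data beyond their role.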
Employee training and awareness
As outlined above, a good security policy only goes so far and can be negated if the users who have authorized access to view that data are poorly trained. Attackers know this, and they deliberately target weak points by trying to trick users. This is why employee training and awareness are so important. The training provided should be short and relevant so it can be consumed by users on a consistent basis. In addition to training, organizations should encourage users to report suspicious processes or anomalies that could lead to data leaks.
Top Data Leaks
Data-rich companies that have lots of different types of data in great quantities are prime targets for criminals. For example, the three big American credit bureaus that collect, analyze, and craft credit scores for individuals (and then sell them to lenders) are all data-rich companies.
One of those major credit bureaus, Equifax, fell victim to a data leak in 2017 when attackers identified unpatched systems and exploited them to extract information (including a lot of PII data) on 143 million consumers.
While it’s quite eye-popping to think about having over 100 million affected users, there was an even bigger data leak that occurred several years prior to that, and it resulted in billions of affected users. This happened to Yahoo! not once, but twice, when attackers stole names, dates of birth, email addresses, and security challenge questions for user accounts in 2013 and again in 2014.
Conclusion
Companies who are stewards of data have an obligation to protect that data and ensure that proper policies and procedures are in place to minimize leakage. Data leaks have a real impact on society and should not be taken lightly.
Attackers may see this as a crime against large corporate entities who have the funds to write off these leaks as the cost of doing business, but the ones who are really ultimately affected are the people who had their data leaked.
Identity theft and fraud are often the results of these data leaks. The victims are real, and they feel the pain of these crimes.